Back to search
CVE-2017-18095
Published: Feb 19, 2018
Modified: Sep 16, 2024
PUBLISHED
Description
The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.
| Vendor | Product | Versions |
|---|---|---|
Atlassian | Crucible | affected prior to 4.5.1affected prior to 4.6.0 |
Weaknesses (CWE)
References
103207
vdb-entry
x_refsource_BID
https://jira.atlassian.com/browse/CRUC-8178
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now